Clear the Logs & History on Linux Systems to Delete All Traces You Were There [Tutorial]

  • Published on 8 Feb 2025
  • Get Our Premium Ethical Hacking Bundle (90% Off): nulb.app/cwlshop
    How to Wipe All Proof You Were in a Linux System
    Full Tutorial: nulb.app/x5osd
    Subscribe to Null Byte: goo.gl/J6wEnH
    Nick's Twitter: / nickgodshall
    Cyber Weapons Lab, Episode 216
    When somebody's computer is compromised, the hacker gains almost full control over that computer, allowing them to set up payloads such as reverse persistent shells or keystroke duplicators. However, when the hacker is setting up their payloads, they can leave behind traces that they were there. This evidence takes the form of the Bash command history or the files they leave behind that were needed to set up the payload.
    If the hacker was smart, they would delete the command history and any files that are not necessary to make the payload work. Doing so will decrease the chance that the hacker will get caught and will increase the chance that the payload is effective.
    In this episode of Cyber Weapons Lab, we'll be going over drd_'s article on Null Byte to see how a hacker would go about wiping their tracks. Knowing this will help you drill down to information the hacker may have missed during advanced digital forensics.
    To learn more, check out drd_'s full article on Null Byte: nulb.app/x5osd
    Follow Null Byte on:
    Twitter: / nullbyte
    Flipboard: flip.it/3.Gf_0
    Website: null-byte.com
    Vimeo: vimeo.com/chan...

Comments • 136

  • @diggacha 3 years ago +87

    Removing or zeroing out logs can be just as suspicious as leaving them in the first place and can trigger incident response measures. Alternatively, you can copy log files and directories on entry, perform minimal alterations to remove the copy commands, and then replace the log files with the copies when you're done. This can also all be easily scripted for entry and exit commands.

    • @Murr808 3 years ago +3

      well said

    • @Confused_Cape_Goose 3 years ago +2

      That's actually really good advice. Thanks

    • @abbimilagon5499 3 years ago +1

      Very true

    • @MH-iz2xh 3 years ago +1

      Clever!!

    • @cybersavage1337 2 years ago +2

      How exactly would you "replace" the log files in this scenario? I.e. what commands? Because if it's simply mv /copied_auth.log /current_auth.log I don't see how that doesn't trigger just as much of an IR.

  • @MartinsTalbergs 3 years ago +60

    Suddenly all logs are lost from my server. Not suspicious at all..

    • @VidarrKerr 3 years ago +5

      I know right.... Hilarious. This maybe works on someone's home "Lab", but nothing serious. Not to mention, they will certainly have many other machines/vms keeping records. This will work with small and maybe medium size businesses, especially businesses that are outside the financial industry --like retail, or real estate companies, etc.

    • @shawn8163 3 years ago +4

      Most small medium-sized businesses do not have someone monitoring logs anyway

    • @RTMaster1 3 years ago +5

      Let's be honest, this video is pretty basic anyway and the production quality is also pretty bad this time

    • @CybernetiXS3C 3 years ago

      Artillery, tripwire, sendmail, snort,.... This would have sent you IP addresses and changes with timestamp.

  • @circaaenjoyer 3 years ago +39

    so the whole video is about "sudo rm -r /var/log/*" ???

    • @ishaqahmed._ 3 years ago +3

      Watching this was quite a waste of time sadly

    • @rathinsaran6173 3 years ago

      Thanks

    • @CybernetiXS3C 3 years ago

      😂

    • @weapoolx182 1 year ago +1

      The Best Linux Command is always this: *sudo rm -rf /** lol😂🧑‍💻

    • @ozomashi 7 months ago

      shred is better

  • @neutrosis 3 years ago +36

    They missed out the most interesting part - how to get su :D

    • @jacesullivan4563 3 years ago +1

      You can find this on the nullbyte website

    • @madcapmagician6018 3 years ago +5

      at gun point.. you know like in the movies lol

  • @CulturalDifferences2.0 3 years ago +2

    @Null Byte Thanks Nick for actually enlarging the text size in the shell. I wish this was done in all videos here.

  • @BilgeKarga1 3 years ago +17

    the most crucial step of pentest is also covering tracks glad you made a video about it

  • @_chris_6786 1 year ago +1

    If you wanna teach, you have to go slowly and paused, see what you write. Remember that you are guiding others.

  • @lefterispanos9543 3 years ago +6

    You guys are great. I was wondering this morning how to clear the history, but I forgot about it. And now here it is. Thank you

    • @lefterispanos9543 3 years ago

      @y4kuzi072 no, I meant I forgot to get into it, as a reminder.

  • @CybernetiXS3C 3 years ago +10

    This doesn't work if the system has something like tripwire using sendmail to forward changes within the system. Or even using artillery to log, and block entry ports to begin with. This is where the sysadmin would override the intelligence of the hacker.
    To master offensive security, one needs to master defensive security.

    • @Bilo_7 1 year ago

      Well said

  • @ricseeds4835 3 years ago +9

    Did they just post the first take of this tutorial? He's trying to run commands as a user who's not in the sudoers file. At least post the second take where you've, hopefully, fixed the missteps if only to convince viewers that you understand what you're doing and not just following instructions left by someone else.

    • @SimpleHak 1 year ago

      quite true. even in the truncate it doesn't show the parameter 0 on the cli and the cli throws invalid number.

  • @2v2 8 months ago

    An alternative to rm -rf'ng a file, is using shred -xzuvf to overwrite the stored file with 0's and delete it securely.

  • @madcapmagician6018 3 years ago +3

    good info.. though it went a little fast. I noticed that when you deleted files the warning that the action would be reported always came up... is that not a log file itself that should be dealt with?

  • @thanoskoutr 3 years ago +15

    Why is this even uploaded? It feels like this is a draft edit that is going to be edited in order to be uploaded. The sound is awful at some points and I feel like the presenter does not even know the basic Linux commands and permissions.
    For 2 minutes he is trying to delete the auth.log without explaining what he is doing wrong or what he finally did to delete it. Linux is kind enough to show to you that the user you are logged in (sandbox) is not a member of the sudo group, so he cannot execute commands as sudo, but you keep ignoring it.
    I mean it's OK to not know what you are doing, but if you are going to make a video about it, I think you should be more careful.

    • @b1naryhero 3 years ago +6

      I know right? What's up with the dude failing at doing basic tasks and then not cutting that part out and just continue like nothing happened... I mean it was obviously edited and sped up? The only practical takeaway from this video was; "you can create hidden files in linux herpderp", "If you are root you can remove files that only root user has access to herpderp" and "Look at this cool script i downloaded and executed with no explanation of what it does". the script kiddie vibes are strong with this channel... and what's up with the other comments on this video, they all seem to praise it even though it was hella shoddy? Bought views/Click farm?

    • @VidarrKerr 3 years ago +2

      This happens on this channel All The Time. They need to spend more time editing out all the F Ups.

    • @thanoskoutr 3 years ago +2

      @b1naryhero I totally agree with you. I didn't even mention the "Download this script to delete your traces" script kiddie part... I feel like the content here is leaning towards edgy and catchy hacker titles that attract those who want content like "hoW to HaCk a FaCeBoOk acCouNt"

    • @TON-vz3pe 3 years ago +1

      Yes. For the whole length of this video I was thinking the same. I don't know if there is a dedicated person or a team who does the editing, or the same guy who casted the video did the editing. Maybe they did this in a hurry. Nullbyte is actually a pretty good channel, but why are they digging into topics like this I don't understand.

    • @RTMaster1 3 years ago

      Feels like the original content creators left the channel after YouTube's decision to disallow actual explanations

  • @SALTINBANK 3 years ago +7

    make a logic bomb that wipes the whole HDD after quitting session ...

    • @KarryKarryKarry 3 years ago +1

      A logic bomb?
      How about some swirling graphics on all 7 monitors while you “Hack” the mainframe and solve crypto like a Rubik's cube 😂

    • @pranavr0y 2 years ago

      💀💀logic bomb

  • @pranaythammineni256 3 years ago +10

    Please make a video about clearing logs in windows!

    • @SALTINBANK 3 years ago

      use privazer if you are a noob ...

    • @pranaythammineni256 3 years ago

      @SALTINBANK and how do you clear logs as a pro?

  • @JonathanTucker1ls 3 years ago +2

    type a space before the command to stop it being recorded in history

    • @karlobabic8495 3 years ago

      you mean like -a -t and not -a-t
      Or like
      -a
      -t
      ?

    • @JonathanTucker1ls 3 years ago

      @karlobabic8495 ' ls' will not be recorded in history, whereas 'ls' will

  • @jm252 3 years ago +2

    Can you do one for windows or will flushdns be ok???

  • @atol71 3 years ago

    How does the delete really really work? Is that air you breathe?

  • @raulcattelan4506 3 years ago +1

    Thanks for the video

  • @thegripmaster666 3 years ago +1

    Extremely basic info. I was expecting a lot more depth. The only useful stuff was the covermyass git repo

  • @yashnagraj110 3 years ago

    please upload a video about clearing logs on a windows computer through cmd

  • @フォグマシン 3 years ago +4

    the hardest part is finding a vulnerability allowing access into a machine

    • @VidarrKerr 3 years ago

      It is called the secretary.

  • @harlemren5993 3 years ago

    That background music what is that???

  • @derylcovey7455 1 year ago

    if someone wanted to hide all history they would start each command with a space...

  • @thelearner761 3 years ago

    But I don't know where all these logs get stored!!

  • @pichass9337 3 years ago

    You work at the JPL?

  • @scientifictalkof 3 years ago

    How to contact you?

  • @furryPigletto 3 years ago +1

    Good stuff, but if I have my HIDS system there I will know what was changed and will be alerted.

  • @realitynowassigned 3 years ago +2

    Irregardless. So it's regarded

  • @windwest720 3 years ago +4

    /dev/shm
    sandbox
    covermyass

  • @MuhammadLab 3 years ago +2

    Awesome bro

  • @KINGABDUL99 3 years ago +1

    which app were you using to put all these commands

  • @taoriq3632 3 years ago +1

    Do you guys offer classes for beginners? I am interested in cyber security, but I do not know any reputable sources that can be of help. If you guys can help, I would really appreciate it.
    Thank you

    • @faizanarif2610 3 years ago

      If you want to start in hacking, go for old courses; they are simple and easy to understand.

    • @taoriq3632 3 years ago

      @faizanarif2610 Could you kindly refer any of these courses to me, perhaps a link or two?
      Thank you very much

    • @VidarrKerr 3 years ago

      @taoriq3632 Get books about basic computing and hardware. Once you fully understand hardware and firmware, the digital world is yours. I am not kidding.

    • @motif5775 3 years ago

      @VidarrKerr Thank you. Any recommendations?

  • @HIDDENACHE 3 years ago +2

    you scared me

  • @joeycavazos6746 3 years ago

    Who’s Ron k ? Delete if not allowed

  • @Shortcircuithobbyshop 3 years ago

    long time no see. where are you cute hacker ??

  • @saisandeepgurram8889 3 years ago +1

    Sir, why do you tell about firewall and can you show how to create the firewall for Android and Windows and Mac. Can you help me to create own firewall to defend from the hackers. Can you please make a video on it.

  • @iZ3r0x9 9 months ago

    This whole video is a fail, 'deleting' logs is very bad practice. And you're actually not deleting anything with rm. The data is still there until overwritten and any forensic tool will recover the files very easily.

  • @AriannaEuryaleMusic 3 years ago +1

    Easier, just do all your hacks on a LIVE Persistent USB system, and when you finish your hacks,
    and (if sensitive) just destroy it...

  • @temudjin1155 3 years ago

    very nice

  • @aidanguant7984 3 years ago

    I love this stuff. Definitely one of the most comprehensive hacking channels on yt

  • @oceanic2132 3 years ago

    Does it work in Windows 10? If so, do I just use command prompt or no

  • @4n0nmann5 3 years ago +5

    Please make one for windows :)

  • @Hextrill 3 years ago

    This video has virtually no useful instruction in it, anyone with basic command line knowledge wouldn't have to try things 50 times and still miss any useful lesson.

  • @nehana649 3 years ago +4

    Can you please make a Discord server

    • @Null-si2fy 3 years ago

      Yeah bro

    • @nehana649 3 years ago

      @Null-si2fy Will you make an announcement when it’s done? Also, when do u expect it to be done?

    • @Null-si2fy 3 years ago

      @nehana649 gimme till Monday

    • @nehana649 3 years ago +1

      @Null-si2fy No pressure man. Keep up the great work!

    • @RTMaster1 3 years ago

      @nehana649 that's not the uploader, someone tries to trick you

  • @chanelle2819 3 years ago

    Does this work on chromebook?

  • @widiudb3313 1 year ago

    I see that you had a lot of acne. Consider to stop consuming oily food bro. It will help.

  • @Hunter-x3b 1 year ago

    You know how to see keyboard typing history in kali?

  • @Recon_Racing 3 years ago

    You guys aren't considering a SIEM proxy

    • @devilhell3044 3 years ago

      @y4kuzi072 hi, are you an expert in hacking??
      I want to learn hacking and build my career in cyber security
      Can you tell me what's the minimum knowledge I should know before starting learning hacking (sorry I am not good at English)

  • @aspiringpentester9347 3 years ago

    video is good yess yess
    but can this be elaborated for beginners that are kinda new know maybe not as much as you but a little about pentesting that they can get around the system without a problem?

  • @androidboie64 3 years ago

    Hi sir, can you make a small video on how to install airgeddon with all tools on Ubuntu?
    I am having much difficulty and errors, and there is no video about it; instead the video is how we can install on Kali, but I want to install it on Ubuntu

  • @zzing549 3 years ago

    Super amazing

  • @ugli1440 3 years ago +3

    Instead of deleting the Auth Logs to cover your tracks, why don't you just break the OS by deleting all the directories? I mean if we're talking about a situation where you *need* to cover your tracks then surely it's just safer to delete these logs and then destroy the system. lol
    Here is the command you would use:
    rm -rf / (this one deletes everything)

  • @arwa7sh953 3 years ago +1

    I have a question for you, can you hack PUBG Mobile?😢😢

  • @ereal2 3 years ago

    this video is all over the place , what?!..

  • @MrBole1968 1 year ago

    Respect!👍

  • @jazzochannel 3 years ago

    pwnmagad l33t haxxr0 .kn0ws-hidden-philez

  • @besthayallappa5017 3 years ago

    Hi Brother
    I am a software engineer. Looking for a fast processing laptop. I will be using VMs along with physical system same time. Please suggest one.

  • @Iomiami 3 years ago +1

    🤔

  • @LinuxJedi 3 years ago +1

    super user is easy,
    sudo passwd
    "enter new password"

  • @jonathanmcdonald7512 3 years ago +2

    Bro, bro bro. Bro bro bro. Bro. Bro.

  • @peterpan9988 3 years ago

    Stupid background music.

  • @blackdragon9550 3 years ago

    Hey I want to learn how to hack online games can you please make one video on it

  • @realhomy 3 years ago +1

    Yessir

  • @TheMax0005 3 years ago +1

    Dude...go take care of your skin

  • @zod.doctorop 3 years ago +1

    Hello bro

  • @gaius6187 3 years ago

    𝙏𝙝𝙚 𝙐𝙡𝙩𝙞𝙢𝙖𝙩𝙚 𝙒𝙖𝙮 𝙏𝙤 𝘾𝙡𝙚𝙖𝙧 𝙔𝙤𝙪𝙧 𝘽𝙧𝙤𝙬𝙨𝙚𝙧 𝙃𝙞𝙨𝙩𝙤𝙧𝙮

  • @anmolrai7376 3 years ago

    first

  • @zod.doctorop 3 years ago +1

    Bro how to hack target fb account plz bro

    • @alexandermertens7615 3 years ago +10

      Lmao get a life

    • @trustyaxe 3 years ago +6

      @alexandermertens7615 I am suspicious of the mental health of those seeking to hack social media accounts. Very sad...

    • @trustyaxe 3 years ago

      @killer boy lol

    • @VidarrKerr 3 years ago +5

      @killer boy Will probably work if done the right way. And YES, people looking to hack into other peoples' social media are complete losers. Probably been cucked over by their girlfriends/boyfriends and have no life.

    • @the___dude 3 years ago

      Bro stfu bro